SSO and Fluid Topics - Fluid Topics - 3.7

Fluid Topics Integration Guide

Operating system
Debian
Category
Reference Guides
Audience
public
Version
3.7

By default, Fluid Topics opens SSO authentication in a new browser window. It enables to authenticate users in a separate window and not lose the current page state (similar to web-style multithreading).

In this authentication tab:

  1. The browser is redirected to the SSO login page.
  2. Once authenticated, the user is redirected back to a Fluid Topics callback page by the SSO.
  3. Fluid Topics handles security verifications to ensure the values given by the SSO are trustworthy.
  4. Fluid Topics informs the authentication window that the user is now authenticated.
  5. The original window is updated and indicates the user is recognized.

Some SSO implementations have technical constraints that prevent the authentication window to work correctly. Indeed, the authentication window must be able to talk to its opener window. Some SSO implementations break (intentionally or not) the reference to this opener window and in this case, the authentication window is not able to talk to its opener. The authentication window is not closed and displays Fluid Topics with the authenticated user.

Fluid Topics proposes an option to disable SSO opening in a dedicated authentication tab. This means the window state can be lost when the user logs in. It can be configured in the authentication configuration node of the conf.json file as shown in the following example:

{
"ui": {
/* [..] */
"authentication": {
"realms": [
/* [..] */
},
"ssoInExternalWindow": false
]
}
}